Azure Provider Reference¶

Source of truth

Definitions live under examples/api-definitions/apis/az. Update the API definitions and re-run make docs-reference.

v1¶

Resource	Kind	Short Names	Categories
`containerregistries`	`ContainerRegistry`	acr	—
`functionapps`	`FunctionApp`	func	—
`storageaccount`	`StorageAccount`	sa	—
`virtualmachines`	`VirtualMachine`	vm	—

ContainerRegistry¶

API Group: az/v1\
Resource Name: containerregistries\
Kind: ContainerRegistry

Managed OCI registries for Azure and hybrid workloads.

ContainerRegistry brings Azure Container Registry configuration to the same source file as Terraform and kubectl style workflows. Capture SKU, retention, encryption, and network rules once and share them broadly.

Configuration Examples¶

YAMLHCL

apiVersion: az/v1
kind: ContainerRegistry
metadata:
  name: platform-shared
spec:
  subscriptionId: 00000000-1111-2222-3333-444444444444
  resourceGroup: rg-platform
  location: australiaeast
  sku: Premium
  adminUserEnabled: false
  retentionPolicy:
    days: 30
    status: enabled
  networkRuleSet:
    defaultAction: Deny
    ipRules:
      - action: Allow
        value: 10.10.0.0/16

resource "azurerm_container_registry" "platform" {
  name                = "platform-shared"
  resource_group_name = azurerm_resource_group.platform.name
  location            = azurerm_resource_group.platform.location
  sku                 = "Premium"
  admin_enabled       = false

  retention_policy {
    days    = 30
    enabled = true
  }

  network_rule_set {
    default_action = "Deny"
    ip_rule {
      action = "Allow"
      ip_range = "10.10.0.0/16"
    }
  }
}

Required Arguments¶

Name	Type	Description
`subscriptionId`	`string`	Subscription that owns the registry.
`resourceGroup`	`string`	Resource group where the registry is deployed.
`location`	`string`	Azure region for the registry.
`sku`	`string`	SKU tier such as `Basic`, `Standard`, or `Premium`.

Optional Arguments¶

Name	Type	Description	Default
`adminUserEnabled`	`bool`	Controls whether the legacy admin user/password is available.	—
`retentionPolicy`	`object`	Retention policy block with `days` and `status` keys.	—
`networkRuleSet`	`object`	Optional block for IP/VNet allow lists and default action.	—

Computed Attributes¶

Name	Type	Description
`loginServer`	`string`	DNS hostname clients should push to.
`id`	`string`	ARM resource ID for the registry.

FunctionApp¶

API Group: az/v1\
Resource Name: functionapps\
Kind: FunctionApp

Serverless Functions-as-a-Service on Azure.

Azure FunctionApp documents consolidate the knobs for deployment slots, plan SKUs, identity, and app settings. They make it straightforward to represent both YAML and HCL views for teams that co-manage workloads.

Configuration Examples¶

YAMLHCL

apiVersion: az/v1
kind: FunctionApp
metadata:
  name: image-hooks
spec:
  subscriptionId: 00000000-1111-2222-3333-444444444444
  resourceGroup: rg-serverless
  location: australiaeast
  planSku: EP1
  storageAccountName: funcstate
  runtimeStack: dotnet-isolated
  identity:
    type: SystemAssigned
  appSettings:
    FUNCTIONS_WORKER_PROCESS_COUNT: "4"
    EVENT_TOPIC: image-updates

resource "azurerm_linux_function_app" "image_hooks" {
  name                = "image-hooks"
  resource_group_name = azurerm_resource_group.serverless.name
  location            = azurerm_resource_group.serverless.location
  service_plan_id     = azurerm_service_plan.functions.id
  storage_account_name       = azurerm_storage_account.funcstate.name
  storage_account_access_key = azurerm_storage_account.funcstate.primary_access_key

  app_settings = {
    FUNCTIONS_WORKER_PROCESS_COUNT = 4
    EVENT_TOPIC                   = "image-updates"
  }

  identity {
    type = "SystemAssigned"
  }
}

Required Arguments¶

Name	Type	Description
`subscriptionId`	`string`	Subscription that contains the Function App.
`resourceGroup`	`string`	Resource group where the Function App lives.
`location`	`string`	Azure region for the app and hosting plan.

Optional Arguments¶

Name	Type	Description	Default
`planSku`	`string`	Consumption (`Y1`), Elastic Premium (`EP1`), or Dedicated SKU.	—
`storageAccountName`	`string`	Backing storage account used for package deployment.	—
`runtimeStack`	`string`	Worker runtime, e.g. `dotnet-isolated` or `node`.	—
`identity`	`object`	Managed identity configuration for the app.	—
`appSettings`	`map(string)`	Environment variables available during execution.	—

Computed Attributes¶

Name	Type	Description
`defaultHostname`	`string`	Public hostname automatically assigned by Azure.
`outboundIpAddresses`	`list(string)`	Comma-separated list of possible outbound IPs.

VirtualMachine¶

API Group: az/v1\
Resource Name: virtualmachines\
Kind: VirtualMachine

General purpose compute on Azure Virtual Machines.

Use VirtualMachine to describe provisioned Azure compute instances, whether you manage them with Terraform, ARM, or the Portal. The schema focuses on the knobs infrastructure teams change most frequently: the source image, SKU, networking attachments, and OS customization.

Configuration Examples¶

YAMLHCL

apiVersion: az/v1
kind: VirtualMachine
metadata:
  name: vm-web-01
spec:
  subscriptionId: 00000000-1111-2222-3333-444444444444
  resourceGroup: rg-web
  location: australiaeast
  size: Standard_D4s_v5
  networkInterfaceIds:
    - /subscriptions/.../networkInterfaces/web-nic
  osDisk:
    caching: ReadWrite
    storageAccountType: Premium_LRS
  sourceImage:
    publisher: Canonical
    offer: 0001-com-ubuntu-server-jammy
    sku: 22_04-lts
    version: latest
  adminUsername: ubuntu
  sshPublicKeys:
    - "ssh-ed25519 AAAA..."

resource "azurerm_linux_virtual_machine" "web" {
  name                = "vm-web-01"
  resource_group_name = azurerm_resource_group.web.name
  location            = azurerm_resource_group.web.location
  size                = "Standard_D4s_v5"
  admin_username      = "ubuntu"
  network_interface_ids = [
    azurerm_network_interface.web.id,
  ]

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }
}

Required Arguments¶

Name	Type	Description
`subscriptionId`	`string`	Azure subscription that owns the VM.
`resourceGroup`	`string`	Target resource group for the VM and supporting objects.
`location`	`string`	Azure region, e.g. `australiaeast`.
`size`	`string`	VM SKU defining vCPU, RAM, and network bandwidth.

Optional Arguments¶

Name	Type	Description	Default
`networkInterfaceIds`	`list(string)`	NIC resource IDs wired to the VM.	—
`sourceImage`	`object`	Publisher/offer/sku triple that defines the OS image.	—
`osDisk`	`object`	Disk storage settings such as caching and SKU.	—
`adminUsername`	`string`	Linux user provisioned for SSH.	—
`sshPublicKeys`	`list(string)`	Authorized keys that enable SSH login.	—

Computed Attributes¶

Name	Type	Description
`id`	`string`	ARM resource ID of the VM.
`privateIps`	`list(string)`	IPv4 addresses assigned to attached NICs.